Public key cryptography (“PKI”) was first developed in the 1970s and has witnessed only modest incremental improvements to date. The known weaknesses are well studied as are the systemic failures resulting in devastating hacks from the flawed creaky fundamentals of the design itself. The basic reason is PKI is a “perfect world” solution—it only works well in an error-free environment. It fails catastrophically in the real world.
Data encryption is known that uses streaming ciphers or block ciphers. Streaming and block ciphers are widely used even though they are not mathematically provable to be 100% secure. These can use asymmetric (or public key) cryptography. The keys are typically of a fixed size and may be static. A calculation is done, one each side, to encrypt or decrypt the data. In a typical public key scenario, a sender uses the public key of a public-key and private-key pair to encrypt a message. The receiver uses the corresponding private key to decrypt the message. Security is provided because it is generally computationally infeasible to derive the private key from the public key.
These modern ciphers are inferior, including Elliptical Curves Cryptography (“ECC”), AES, RSA, etc, because they are vulnerable to brute force attack against the key space—albeit over a long period of time using powerful computers. With the advent of quantum computers in development today, the time for decrypting these modern systems using these techniques can be vastly decreased. In August 2015, an NSA advisory confirmed the immediate future risk of using these systems and recommend against the use of ECC. Additional guidance confirmed the entire class of these cryptographic systems suffered from the same risk and could not be used as the basis for securing information.
One-time pads were invented early on in the 20th century and are the only provably secure cryptosystem which was also invulnerable to attack by quantum computers. They are normally reserved for the most secure communications requirements. One-Time Pad (“OTP”) encryption using random keys can produce provable perfect secrecy. In fact, any cryptosystem with perfect secrecy must use OTP-like key structures to be resistant to cryptanalysis and brute force attack. Even quantum computers, noted above, will have zero impact on OTP-based cryptosystems.
In a manual OTP scenario, the sender has a pad of paper on which is written randomly chosen key letters. The key is the same size as the message. In one implementation, the sender adds one key letter to each plaintext letter to produce cipher text, and never repeat the key letters. For example, assume the message is “YES” and the pad letters are “CMG”. You add Y (25) to C (3) to get B (26+3=2 modulo 26), or E (5) to M (13) to get R (18). The sender then destroys the paper. The receiver reverses the process using his pad of paper (the encryption is thus symmetric), and then burns the key letters when he is done. Because the key is the same size as the plaintext, every possible plaintext is equally likely and it is impossible for an attacker to tell when the correct decryption has been derived. No brute force attack is possible against the full key space. See e.g., Schneier, Secrets and Lies: Digital Security In a Networked World (Wiley Publishing, 2000).
Some streaming ciphers attempt to approximate a pseudo OTP operation. In such scenarios, the transmitter and receiver independently but synchronously generate the same key. Because the keys are calculated and not truly random, they can sometimes be cracked (the key is insecure because it is calculated) but may provide adequate security depending on the context and cryptographic algorithms used. Streaming cipher calculations can sometimes take considerably more time than a single add or exclusive OR operation as is used in certain one-time pad implementations, but this calculation time can have different impacts depending on context.
There are a number of important hurdles to successfully implementing an OTP system, including key storage and distribution, key material replenishment, etc. Beyond perfect secrecy, the potential practical benefits are: simplified hardware and software complexity; lower energy and computing resources costs—at the CPU, device, system and network levels; extremely high execution speed in both stream and block cipher modes; vastly expanded access to security for simple electronic devices and sensors.
OTPs are typically created using Random Number Generators (“RNGs”) and distributed from a single location to authorized recipients in paper or digital form. In OTP cryptosystems, the variable length keys used to encrypt messages are at least as long as the messages themselves (noted above), which differs from cryptosystems using fixed length keys and complex mathematical algorithms. Guessing the correct OTP key used to create a ciphertext is possible but ultimately useless because there is no way to know the correct plaintext has been recovered. Any number of guessed keys can produce any number of valid plaintext completely unrelated to the target plaintext. Conversely, any number of messages of the same length encrypted with the same OTP system all using completely different keys can produce the same exact cipher text. As such, correctly guessing one of the keys leaves the cryptanalyst no closer to recovering the plaintext of interest. There is no possible brute force attack against the key space and more fundamentally against the cryptosystem itself.
Converging on a provably secure cryptosystem is more important than ever as the Internet of Things (“IoT”) is now changing the computer technology landscape and will fundamentally transform the way we think about data movement. Annual IP-based traffic alone will surpass the Zettabyte scale in 2016, which will require a commensurate amount of security infrastructure to protect it. (A zettabyte=1 billion Terabytes, an impossibly large number for the human mind to comprehend.)
To say the current security architecture is woefully inadequate to address the challenge is a profound understatement because it does not account for the proliferation of emerging non-IP based data transmissions and new communications on the near horizon. To extend existing systems to fully encrypt and secure these evolving network structures would be, at a minimum, an epic engineering and design problem consisting of countless moving parts and thousands of man-hours in research and development. Complex systems break and are compromised in complex ways rarely understood or appreciated by their naïve makers. The essence of modern day hacking is based on this principle and only grows with technical complexity—an unsustainable paradigm for the IoT, which promises enormous growth among the connectivity of disparate systems of devices.
Note for modern systems, the longer the key length, the more secure it is considered. However, the longer the key, or the more complex the computation to resolve the key, requires increasingly more computing power. As data from more and more devices in the IoT is required to be encrypted and unencrypted, more and more power is required, taxing batteries of non-hard wired devices. A reduced key size (or “weight”) and/or a simplified computation protocol, but retaining all of the robust security is needed.
Reducing complexity and increasing security requires starting at infinity minus delta and moving backwards. OTP, as opposed to modern systems like AES-256 and ECC, can only be cracked if the implementation was flawed while proper implementation is invulnerable no matter the computing resources available, quantum or otherwise. Breaking into all existing systems will happen with enough resources while OTP is invulnerable to computing advances stemming from Moore's law. OTP is also “light weight” and can be computed using simplified algorithms.
Beyond cryptography, but part of the background of the inventive concept, is that of natural resonance and synchronization networks. In physics and nature, two (or more) entities resonate when one sends a signal causing the other to vibrate (oscillate) at the same frequency. This signal can be transferred simultaneously across many members of a group so they are all said to be in “resonance”. An example is when a singer hits the exact note needed to vibrate a wine glass so it “sings” the same note (oscillates at the same frequency). Or when tuning a piano or guitar to the same frequency of a vibrating tuning fork tone.
In quantum mechanics and string theory, only certain types of vibrations are allowed, which is what all particles and forces are at a fundamental level—disallowed vibrations cannot exist. There are biological examples as well, such as Pteroptyx fireflies filling up large trees with millions pulsing in unison, as if they were all one giant light even though they are separate insects. This doesn't happen instantaneously and different groups will pulse at different rates and at different times. “Coupling” is when a group and a particular insect have sympathetic oscillations—from a distant observer's perspective, they are like two strobe lights harmonizing. The insect's own pulse frequency is “coupled” to that of the group. The group becomes synchronized with the substrate of these coupled oscillators (the insects) forming a synchronization network.
Turning back, the centralized public key encryption systems at the heart of global internet security protocols are inadequate for the IoT and emerging technologies on the near horizon. The care and feeding of the complex infrastructure required to sustain it has consistently failed, resulting in hacks of major corporations and individuals alike. With the advent of quantum computers in the coming years, it is vulnerable to brute force attacks and needs to be replaced with a more powerful cryptographic paradigm.